The Panoptech platform is a three phased process that supports the objective of creating a repeatable process in the agency that addresses the cyber and technology coverage needs of current clients and prospects. The Panoptech platform helps firms develop the knowledge, skills, and procedures to clearly define how to uncover key issues and concerns in order to properly align risk evaluation and sales efforts with what needs to be accomplished from a coverage perspective. The process gives prospects and clients the ability to view exposures in a collaborative way while giving the firms team a common vocabulary and method to aggressively move issues through the risk assessment process.
Phase I – Cyber, Technology & Privacy Baseline Assessment – Cyber Risk & Coverage Common Body of Knowledge (CBK)
Phase II – Client/Prospect Engagement: Technology – Technique – Training – Terminology – True Threat
Phase III – Balancing the Approach: Technology Deployment – Operational & Technical Controls – Appropriate Level of Risk Transfer
One of the core elements of the Panoptech platform is the use of standard Security Ratings for Cyber Insurance. iPrevision, in conjunction with BitSight Technologies, the standard in Security Ratings, enables insurance underwriters and brokers to make data-driven coverage decisions, while also delivering security value to the insured.
Security Ratings for Cyber Insurance works entirely from outside the insured company or organization and is built on BitSight’s Security Ratings Platform. The solution analyzes terabytes of publicly available data gathered from sensors deployed across the globe and rates companies’ security performance on a daily basis. Observed security events and configurations, such as communication with a botnet, malware distribution, and email server configuration, are assessed for severity, frequency and duration and used to generate objective Security Ratings. Security Ratings range from 250 to 900, similar to consumer credit scores, with higher ratings equating to higher security performance.
Tailored specifically for the needs of underwriters and brokers, Security Ratings for Cyber Insurance provide insurers and brokers access to the following key features:
- Security Ratings, updated daily, measure the security performance of all applicants and insured companies
- Segmented tracking of current and prospective insureds through folder organization, specialized analytics and dashboards
- Email Alerts of major changes in a company’s security posture
- Shareable reports and tools to provide value added security service to insureds
The importance and value of security ratings has already been realized across several use cases and various industries and now are addressing the needs of the cyber insurance industry.
Looking at a Prospect/Insured’s Risks from All Angles Requires the Right Information
iPrevision understands that when evaluating cyber risk exposure, it is important to have ALL the right data to help guide the most effective risk mitigation strategies. While it is certainly important to have an awareness and understanding of the particular vulnerabilities within the insured organization’s network, in-depth analysis of this single domain must be complemented with an understanding of the insured organization’s cyber risk from all angles which requires looking outward as well.
The challenge with an outside-in approach is that the cyber world is full of complex data and without standardization and context, it is very hard to understand. Leveraging an information model such as ATEP provided by SurfWatch Labs normalizes this outside data.
Actor – who is behind the attack? Target – what they’re targeting? Effect – what is the impact of the attack? Practice – how the attack is being executed?
The ATEP model enhances the agent and brokers ability to help answer important questions such as: What are cybersecurity trends that affect the business’ sector? Is there a vulnerability somewhere in the supply chain? Has the insured’s cloud provider recently had an intrusion? What’s the potential impact of a certain attack on the business?
Many of the insured’s most valuable assets are at risk to criminal activities carried out on the Dark Web and they don’t even know it. Turning a blind eye to this can impact: Brand and Reputation, Customer Loyalty, Intellectual Property, Legal Defenses, Sales, IT Baselines, and Cyber-Security Strategy.
iPrevision, in conjunction with SurfWatch Labs can remove this blind spot in the cyber threat intelligence program by providing personalized cyber risk intelligence from Dark Web and other related sources.
When looking at an insured’s total cyber exposure, there are numerous variables involved. Having the right cyber risk intelligence information is an important starting point for stakeholders to make more risk-informed decisions. Looking at cyber risk from a business intelligence perspective will help agents and brokers understand what’s going on in the cyber world around their client or prospect’s business, help identify potential short-term and long-term risks and balance them against the cost and value of the risk transfer (insurance) component in the overall cyber risk strategy.
Having the information and analysis that can easily and immediately be understood by the senior business leaders as well as security professionals makes it easier to determine what to cover, how much cyber insurance to acquire, and how to help limit an organization’s risk.